Monday, September 28, 2015

Inquiry (EC21 Phishing)

Date: 2015.09.28

Dear User,

Congratulations! You have received a new inquiry sent to you from posted on EC21.com. To see the content and reply to this inquiry, please click on the Check Inquiry button below.

Please do not reply to this email as it is unmonitored.

Dynamic Marketplace for Global B2B – EC21
Copyright (c) EC21 Inc. All Rights Reserved./ipod design (c)

Phishing analysis :

CLICK : button
OPEN : http://tiverious.gr/wp-includes/js/plupload/EC21.com/index.html


VALIDATE : FORM
REDIRECT : http://supplier.ec21.com/
INFOS EXTRACTED : helpmegod.me@gmail.com

helpmegod.me@gmail.com analysis :

Domain Name: BEN-LAWYER.COM
Registrar: NetEarth One, Inc.
Registrar IANA ID: 1005
Registrant Name: Sam Luoi
Registrant Organization: ben-lawyer
Registrant Street: 2nd ave linden street,
Registrant City: johannebsurg
Registrant State/Province: Gauteng
Registrant Postal Code: 0001
Registrant Country: ZA
Registrant Phone: +27.780062257
Registrant Email: helpmegod.me@gmail.com

Domain Name: JASONFOXTRADING.COM
Registrar: NetEarth One, Inc.
Registrar IANA ID: 1005
Registrant Name: Jason Fox
Registrant Organization: Jason Foxtrading
Registrant Street: 2nd ave kent road
Registrant City: Johannesburg
Registrant State/Province: Gauteng
Registrant Postal Code: 2001
Registrant Country: ZA
Registrant Phone: +27.214261956
Registrant Fax: +27.866888831
Registrant Email: helpmegod.me@gmail.com

Email analysis :

NOTE : jrb14n@my.fsu.edu
NOTE : X-Originating-Ip : [197.228.71.63]
NOTE : Mime-Version : 1.0
NOTE : client-ip=157.56.111.247;
NOTE : X-Originatororg : my.fsu.edu
NOTE : Received : from boy1-PC.www.huaweimobilewifi.com (197.228.71.63)


NOTE : Inquiry

Thursday, April 9, 2015

New Inquiry Arrival Notice EC21 (EC21 Phishing)

Date: 2015.04.08
Ismail Hassan has sent you a new inquiry

You have received a new business inquiry from Ismail Hassan posted on EC21.com.
To view this inquiry, please log in with your e-mail address and password .
Please do not reply to this email as it is unmonitored.

Thank you.
EC21 service team
support@ec21.com

Dynamic Marketplace for Global B2B – EC21
Copyright(c) EC21 Inc. All Rights Reserved.

Email analysis :

NOTE : cfski.severi.infos.inquiry@ec21.org
NOTE : Received : by ip-50-63-190-20.ip.secureserver.net (Postfix, from userid 10090)
NOTE : Received : from ip-50-63-190-20.ip.secureserver.net ([50.63.190.20])
NOTE : by mail.oaksdata.net (IceWarp 10.4.5)
NOTE : X-Php-Originating-Script : 10090:chairo.php
NOTE : abmpcell@abmpcellcharge.com does not designate permitted sender hosts
NOTE : client-ip=208.179.47.75;

Phishing analysis :

CLICK : IMAGE
OPEN : http://masoudansari.com/EC21.com/index.html
SCREENSHOT :


VALIDATE : FORM
REDIRECT : http://supplier.ec21.com/

masoudansari.com whois :

Registrant Name: Mani Behrouz
Registrant Organization: Mani Behrouz
Registrant Street: 4/43 Blyth st.
Registrant City: Adelaide
Registrant State/Province: SA
Registrant Postal Code: 5037
Registrant Country: AU
Registrant Phone: +61.0401336312
Registrant Email: manipahlavi@yahoo.com

New Inquiry From EC21 (EC21 Phishing)

Date: 2015.04.02

Ismail Hassan has sent you a new inquiry

You have received a new business inquiry from Ismail Hassan posted on EC21.com.
To view this inquiry, please log in with your e-mail address and password .

Please do not reply to this email as it is unmonitored.

Thank you.
EC21 service team
support@ec21.com

Dynamic Marketplace for Global B2B – EC21
Copyright(c) EC21 Inc. All Rights Reserved.

Email analysis :

NOTE : qfmy.oo.ff.ww.d.er@EC21.biz
NOTE : Received : from divfash by hosting.hosth.in with local (Exim 4.82) (envelope-from < divfash@hosting.hosth.in >)

Phishing analysis :

CLICK : Image
OPEN : http://trauma2014.chopcme.com/administrator/EC21.com/index.html
RESULT : It was a compromised Joomla website relaying an EC21 phishing page.

Saturday, December 6, 2014

Urgent Inquiry Arrival Notification From EC21!! ( EC21 Phishing )

Date: 2014.12.06

Dear User,

Congratulations! You have received a new inquiry sent to you from posted on EC21.com. To see the content and reply to this inquiry, please click on the Check Inquiry button below.

Please do not reply to this email as it is unmonitored.

Dynamic Marketplace for Global B2B – EC21
Copyright (c) EC21 Inc. All Rights Reserved./ipod design (c)

Phishing analysis :

CLICK : BUTTON
OPEN : http://pausesociale.com/EC21.com/index.html
SCREENSHOT :


REDIRECT : http://supplier.ec21.com/

Email analysis :

NOTE : X-Source-Args : /usr/local/apache/bin/httpd -k start -DSSL
NOTE : Return-Path :
NOTE : Mime-Version : 1.0
NOTE : smtp.mail=nobody@s2.filipnet.ro
NOTE : X-Source-Dir : ceramica-neagra-marginea.ro:/public_html/wp-content/uploads
NOTE : Sender : Nobody < nobody@s2.filipnet.ro >
NOTE : Content-Transfer-Encoding : 8bit
NOTE : Message-Id : < *@s2.filipnet.ro >
NOTE : X-Get-Message-Sender-Via : s2.filipnet.ro: uid via acl_c_vhost_owner
NOTE : from authenticated_id: nobody from /only user confirmed/virtual account not confirmed
NOTE : Content-Type : text/html
NOTE : client-ip=89.38.132.141;
NOTE : Received : from s2.filipnet.ro (s2.filipnet.ro. [89.38.132.141])
NOTE : Received : from nobody by s2.filipnet.ro with local (Exim 4.82)
NOTE : (envelope-from )
NOTE : Urgent Inquiry Arrival Notification From EC21!!

Thursday, December 4, 2014

Inquiry

Date: 2014.12.04

Dear User,

Congratulations! You have received a new inquiry sent to you from posted on EC21.com. To see the content and reply to this inquiry, please click on the Check Inquiry button below. Please do not reply to this email as it is unmonitored.

Dynamic Marketplace for Global B2B – EC21
Copyright (c) EC21 Inc. All Rights Reserved./ipod design (c)

Email analysis :

NOTE : EC21@lin1.fastmodding.com
NOTE : colombetta@lin1.fastmodding.com
NOTE : Content-Type : text/html
NOTE : Received : from lin1.fastmodding.com (lin1.fastmodding.com. [95.110.193.53])
NOTE : Received : by lin1.fastmodding.com (Postfix, from userid 1052)
NOTE : Received-Spf: client-ip=95.110.193.53;
NOTE : Content-Transfer-Encoding : 8bit
NOTE : Message-Id : < *.*@lin1.fastmodding.com >
NOTE : Inquiry

Phishing analysis :

CLICK : Button
OPEN : http://www.saygecommunications.com/wp-content/upgrade/EC21.com/
SCREENSHOT :


ACTION : Validate form
REDIRECT : http://supplier.ec21.com/

Saygecommunications.com whois :

Domain Name: SAYGECOMMUNICATIONS.COM
Registry Domain ID: 1820894410_DOMAIN_COM-VRSN
Creation Date: 2013-08-09T22:01:22Z
Registrant Name: Jacob Abshire
Registrant Organization: AliasBDI, Inc.
Registrant Street: 12907 Chalfield Cir
Registrant City: Houston
Registrant State/Province: TX
Registrant Postal Code: 77044
Registrant Country: US
Registrant Phone: +1.8326719771
Registrant Fax: +1.3105642007
Registrant Email: jabshire@resolutecreative.com

Wednesday, October 29, 2014

EC21 Membership Update. (EC21 Phishing)

Date: 2014.10.29

Dear Valued User:
EC21.com service verification !

Your EC21.com service account needs an important email verification due to the new upgrade on our system security server. you are therefore required to verify your email account by following the reference below:

Click here now to get your email verified >>

Thank you.
EC21 service team
support@ec21.com

Dynamic Marketplace for Global B2B – EC21
Copyright(c) EC21 Inc. All Rights Reserved.

Phishing analysis :

CLICK : Click here now to get your email verified >>
OPEN : http://sudhasheth.com/EC21.com/index.html
VALIDATE FORM :


REDIRECT : http://supplier.ec21.com/

sudhasheth.com whois :

Domain Name: SUDHASHETH.COM
Registrar URL: http://www.wildwestdomains.com
Registrant Name: sudha sheth
Name Server: NS1.GVODNS.COM
Name Server: NS2.GVODNS.COM
DNSSEC: unsigned
Registry Registrant ID:
Registrant Name: sudha sheth
Registrant Organization:
Registrant Street: 1201,Era 4,MarathonNextgen ganpatrao Kadam marg,
Registrant City: Mumbai
Registrant State/Province: Maharashtra
Registrant Postal Code: 400013
Registrant Country: India
Registrant Phone: +91.9987498648
Registrant Email: shethsudha@hotmail.com

Email analysis :

NOTE : Mime-Version : 1.0
NOTE : Content-Type : text/html
NOTE : Return-Path : < http@neo.backiel.com.pl >
NOTE : Received : from neo.backiel.com.pl (neo.backiel.com.pl. [194.88.154.10])
NOTE : Received : by neo.backiel.com.pl (Postfix, from userid 51)
NOTE : Received-Spf : client-ip=194.88.154.10;
NOTE : X-Php-Originating-Script : 51:mailer.php
NOTE : Content-Transfer-Encoding : 8bit
NOTE : EC21 Membership Update.

Tuesday, October 7, 2014

EC21 Phishing


Date: 2014/10/07

Dear Valued Member,

Your EC21 Membership needs to be validated due to the new upgrade on our system security server which has been upgrade to protect your member information. Due to this you are required to kindly click on the link below to validate your EC21 Membership.

CLICK HERE TO VALIDATE NOW.

Failure to validate your EC21 Membership will be suspended by EC21 service team. Thank you for choosing EC21.

Thank you.

EC21 service team
support@ec21.com

Dynamic Marketplace for Global B2B – EC21
Copyright(c) EC21 Inc. All Rights Reserved.

Email analysis :
================================
NOTE : Received : from cyberia.net.sa (FMBX01.cyberia.net.sa. [212.119.64.159])
NOTE : Received : from [41.151.152.234] (account info@aplaco.com.sa HELO User)
NOTE : by fmbx01.cyberia.net.sa (CommuniGate Pro SMTP 6.0.5);
NOTE : Return-Path :
NOTE : client-ip=212.119.64.159;
NOTE : smtp.mail=zwe.us.infos@ec21.org
NOTE : Mime-Version : 1.0
NOTE : Content-Type : text/html; charset="Windows-1251"
NOTE : Content-Transfer-Encoding : 7bit
NOTE : X-Priority : 3
NOTE : X-Msmail-Priority : Normal
NOTE : X-Mailer : Microsoft Outlook Express 6.00.2600.0000
NOTE : X-Mimeole : Produced By Microsoft MimeOLE V6.00.2600.0000
NOTE : Message-Id :
NOTE : Membership Update From EC21
================================

Phishing analysis :
================================
CLICK : "CLICK HERE TO VALIDATE NOW."
OPEN : http://www.bcbg-event.com/EC21.com/index.html


REDIRECT : http://supplier.ec21.com/
================================

bcbg-event.com whois :
================================
Domain Name: bcbg-event.com
Registry Domain ID:
Registrar WHOIS Server: whois.ovh.com
Registrar URL: http://www.ovh.com
Updated Date: 2013-10-10T07:46:29.0Z
Creation Date: 2009-10-17T11:46:33.0Z
Registrar Registration Expiration Date: 2014-10-17T11:46:33.0Z
Registrar: OVH, SAS
Registrar IANA ID: 433
Registrar Abuse Contact Email: abuse@ovh.net
Registrar Abuse Contact Phone: +33.899498765
================================

Tuesday, September 9, 2014

EC21 Inquiry Service

Date: 2014.09.09

Dear User,

Congratulations! You have received a new inquiry sent to you from posted on EC21.com. To see the content and reply to this inquiry, please click on the Check Inquiry button below.

Please do not reply to this email as it is unmonitored.

Dynamic Marketplace for Global B2B – EC21
Copyright (c) EC21 Inc. All Rights Reserved./ipod design (c)

Thursday, August 28, 2014

EC21 Phishing

Date: 2014/08/27

Dear Valued Member,

Your EC21 Membership needs to be validated due to the new upgrade on our system security server which has been upgrade to protect your member information.

Due to this you are required to kindly click on the link below to validate your EC21 Membership.

CLICK HERE TO VALIDATE NOW.

Failure to validate your EC21 Membership will be suspended by EC21 service team. Thank you for choosing EC21.

Thank you.

EC21 service team
support@ec21.com

Dynamic Marketplace for Global B2B – EC21
Copyright(c) EC21 Inc. All Rights Reserved.

NOTE : New Urgent Membership Update EC21
NOTE : CLICK HERE TO VALIDATE NOW.
NOTE : http://www.vermillianpaint.com/media/system/EC21.com/index.html

vermillianpaint.com WHOIS :
============================================
Domain Name: VERMILLIANPAINT.COM
Registry Domain ID:
Registrar WHOIS Server: whois.netearthone.com
Updated Date: 26-Aug-2014
Creation Date: 15-Sep-2003
Registrar Registration Expiration Date: 15-Sep-2015
Registrar: NetEarth One, Inc.
Registrar IANA ID: 1005
Domain Status: clientTransferProhibited
Registry Registrant ID: DI_25374461
Registrant Name: Roelof Vermeulen
Registrant Organization: SA Marketing CC
Registrant Street: PO Box 766 Rant en Dal
Registrant City: Krugersdorp
Registrant State/Province: Gauteng
Registrant Postal Code: 1751
Registrant Country: ZA
Registrant Phone: +27.0729643159
Registrant Email: roelof@samarketing.co.za
Registry Admin ID: DI_25374461
Admin Name: Roelof Vermeulen
Admin Organization: SA Marketing CC
Admin Street: PO Box 766 Rant en Dal
Admin City: Krugersdorp
Admin State/Province: Gauteng
Admin Postal Code: 1751
Admin Country: ZA
Admin Phone: +27.0729643159
Admin Email: roelof@samarketing.co.za
Registry Tech ID: DI_25374461
Tech Name: Roelof Vermeulen
Tech Organization: SA Marketing CC
Tech Street: PO Box 766 Rant en Dal
Tech City: Krugersdorp
Tech State/Province: Gauteng
Tech Postal Code: 1751
Tech Country: ZA
Tech Phone: +27.0729643159
Tech Email: roelof@samarketing.co.za
Name Server: ns1.securehosting.co.za
Name Server: ns2.securehosting.co.za
Name Server: ns3.securehosting.co.za
Name Server: ns4.securehosting.co.za
DNSSEC:Unsigned
============================================

Wednesday, August 27, 2014

EC21 Inquiry Service

Date: 2014.08.17

Dear User,

Congratulations! You have received a new inquiry sent to you from posted on EC21.com. To see the content and reply to this inquiry, please click on the Check Inquiry button below.

Please do not reply to this email as it is unmonitored.

Dynamic Marketplace for Global B2B – EC21
Copyright (c) EC21 Inc. All Rights Reserved./ipod design (c)

Sunday, August 24, 2014

EC21 Phishing

Date: 2014.08.20

Dear Valued Customer,

Congratulations! You have received a new inquiry. RidhiSiddhi Agro has sent you an inquiry from [ Trade Leads ] posted on EC21.com. To see the content and reply to this inquiry, please click on the Check Inquiry button below. Please do not reply to this email as it is unmonitored.

Thank you.
EC21 service team
support@ec21.com

Dynamic Marketplace for Global B2B – EC21
Copyright(c) EC21 Inc. All Rights Reserved.

NOTE : [EC21 Inquiry] Urgent Message. RidhiSiddhi Agro
NOTE : Received-Spf : none
NOTE : (google.com: nhhamd.er@ec21.biz does not designate permitted sender hosts)
NOTE : client-ip=78.129.199.67;
NOTE : Received-Spf : none
NOTE : receiver=hola1.gnos1s.com; client-ip=41.150.157.3; envelope-from=nhhamd.er@EC21.biz
NOTE : http://crd.org.np/EC21.com/index.html

Saturday, August 16, 2014

EC21 Phishing

Date: 2014/08/13

Dear Valued Member,

Your EC21 Membership needs to be validated due to the new upgrade on our system security server which has been upgrade to protect your member information. Due to this you are required to kindly click on the link below to validate your EC21 Membership.

CLICK HERE TO VALIDATE NOW.

Failure to validate your EC21 Membership will be suspended by EC21 service team. Thank you for choosing EC21.

Thank you.

EC21 service team
support@ec21.com

Dynamic Marketplace for Global B2B – EC21
Copyright(c) EC21 Inc. All Rights Reserved.

NOTE : CLICK HERE TO VALIDATE NOW.
NOTE : REDIRECT
NOTE : http://xa6107.xa6.serverdomain.org/cms/media/EC21.com/index.html
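Detection sketch (an added example, not part of the original posts): the OPEN lines above all place the kit in a directory named EC21.com on an unrelated host, and several sender addresses reuse the ec21 label under another TLD. The function names below are hypothetical; the URLs and addresses are copied from the posts.

```python
from urllib.parse import urlsplit

BRAND = "ec21.com"  # legitimate domain, taken from the REDIRECT lines

# URLs copied from the OPEN / REDIRECT lines of the posts.
SAMPLES = [
    "http://tiverious.gr/wp-includes/js/plupload/EC21.com/index.html",
    "http://trauma2014.chopcme.com/administrator/EC21.com/index.html",
    "http://www.saygecommunications.com/wp-content/upgrade/EC21.com/",
    "http://xa6107.xa6.serverdomain.org/cms/media/EC21.com/index.html",
    "http://supplier.ec21.com/",
]

# Sender addresses copied from the NOTE lines, plus the genuine support address.
SENDERS = [
    "cfski.severi.infos.inquiry@ec21.org",
    "qfmy.oo.ff.ww.d.er@EC21.biz",
    "nobody@s2.filipnet.ro",
    "support@ec21.com",
]


def is_brand_host(host: str, brand: str = BRAND) -> bool:
    """True for the brand domain itself or any of its subdomains."""
    host = host.lower().rstrip(".")
    return host == brand or host.endswith("." + brand)


def brand_in_path(url: str, brand: str = BRAND) -> bool:
    """True when the brand domain is a path segment on a non-brand host."""
    parts = urlsplit(url)
    if is_brand_host(parts.hostname or "", brand):
        return False
    segments = [s.lower() for s in parts.path.split("/") if s]
    return brand in segments


def lookalike_sender(address: str, brand: str = BRAND) -> bool:
    """True when the sender domain reuses the brand label outside the brand domain."""
    domain = address.rsplit("@", 1)[-1].lower()
    if is_brand_host(domain, brand):
        return False
    return brand.split(".")[0] in domain.split(".")


if __name__ == "__main__":
    for url in SAMPLES:
        print("SUSPECT" if brand_in_path(url) else "ok     ", url)
    for addr in SENDERS:
        print("SUSPECT" if lookalike_sender(addr) else "ok     ", addr)
```

The path check keys on the directory name the kit was unpacked into, so it misses a renamed copy; the compromised-host mailers (such as nobody@s2.filipnet.ro) need the SPF and Received evidence from the NOTE lines instead.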